tags 691642 - security thanks Hi, * Vincent Lefevre <vincent@vinc17.net> [2012-10-28 13:32]: > On 2012-10-28 11:37:58 +0100, Nico Golde wrote: [...] > > > In addition to possible data loss due to the crash, this is a security > > > problem, because the sequence may appear in a remote file. > > > > Sorry, I couldn't parse this sentence. What exactly are the security > > implications? So far I don't see how this qualifies for a security bug. > > If some external data (because they contain some unexpected byte > sequence) make a local program crash (so that user data are lost), > that's a security bug. Just like when you have a bug in the image > decoder used by your web browser that makes it crash on some image > files. That was exactly my point, this is not treated as a security bug in Debian, but a regular bug. Cheers Nico
Attachment:
pgp3dkGDdq0Hs.pgp
Description: PGP signature